Flexible SSL Not working. Port issue?

Can’t seem to get flexible ssl working. Does Cloudflare automatically try all its supported ports when proxying the request? For example if my backend server is listening on port 8080 nonssl, but user types https://mysite.com in their browser, how does cloudflare know to proxy to port 8080???

In fact right now my server is listening to port 443 but not using ssl, I’m just using 443 cause I thought that might help cloudflare. Just trying everything and browser cannot connect to site using domain. But if I type in mysite.com:443 it works (but of course is not using ssl). I also tried running my server on port 8080. Same thing browser can’t connect (get the Cloudflare 522 screen).

Cloudflare is set to proxy
Cloudflare is set to use flexible ssl

I thought this was easy before (pretty sure I’ve done this in the past), but confused now :frowning:

One correction to above, site is working if I type IP address and specify port, so http://##.##.###.##:443. This connects and proves server is working on port 443. Again not an ssl connection. If I type

https://mysite.com:443

Cloudflare gives an error that it is trying to serve plain http over secure port.

?? That is not very helpful. Please assume I know what flexible ssl is and understand the risks. The issue is trying to get it to work, not whether it is a good idea or not :frowning:

I’m pretty sure Cloudflare is picky on which ports use SSL and which don’t. So using 443 for HTTP won’t work. Try port 80 and it should go through.

But I already tried 8080 :frowning: . And again whether 80 or 8080, does cloudflare just guess? or it tries all those ports? Because user has typed https://mysite.com , which browser will use 443 for, so Flexible SSL is supposed to proxy that to my servers http port, but which one? I guess it just tries them all. It is wacky I can’t specify this. And it doesn’t seem to work :frowning:

Update: Changing to port 80 worked. Why not 8080 which is a supported port? Maybe flexible ssl only works with port 80?

Did you add that port to the URL? 80 is used by default. Any other port needs to be added to the URL therefore.

If your app supports port 8080 only, you need to set up a reverse proxy listening on port 80 for http://domain.com. Then you just need to type http://domain.com and the request is forwarded to port 8080 internally.

If you don’t want to use a reverse proxy, you have to add that port. http://domain.com:8080

Cloudflare supported ports are those which Cloudflare will proxy (:orange: record). Using an unsupported port will lead to timeouts.

1 Like
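
The reverse-proxy setup suggested in the reply above, written out as an added nginx example that is not part of the original thread. The choice of nginx, the hostname mysite.com and the application bound to 127.0.0.1:8080 are assumptions.

```nginx
# Added example (not from the thread). Assumptions: nginx is the reverse
# proxy, the application listens on 127.0.0.1:8080, hostname is mysite.com.
server {
    # Flexible SSL: Cloudflare terminates the visitor's HTTPS and connects
    # to the origin over plain HTTP on port 80, so this is the only port
    # that needs to accept traffic from outside.
    listen 80;
    server_name mysite.com;

    location / {
        # Forward internally to the application's real port. Bind the
        # application to 127.0.0.1 so port 8080 is not exposed directly.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        # Preserve the hostname the visitor requested.
        proxy_set_header Host $host;

        # Cloudflare sets X-Forwarded-Proto to the scheme the visitor used.
        # Passing it through lets the application know the visitor is on
        # HTTPS even though this hop is HTTP; an application that redirects
        # HTTP to HTTPS without it ends up in a redirect loop.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;

        # Visitor address as reported by Cloudflare (CF-Connecting-IP).
        # These headers are only trustworthy if port 80 is firewalled to
        # Cloudflare's published IP ranges.
        proxy_set_header X-Real-IP $http_cf_connecting_ip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```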

The following does not work:
server listening on 8080, user types https://mysite.com:8080 into browser
server listening on 8080, user types https://mysite.com into browser
server listening on 443, user types https://mysite.com:443 into browser
server listening on 443, user types https://mysite.com into browser

This works though:
server listening on 80, user types https://mysite.com into browser

I don’t understand why Cloudflare just doesn’t say this. Or if they did I missed it. Flexible SSL requires a server listening on port 80 and user to enter https://mysite.com (no port or they can enter :443 if they want as it is the same thing).

Cloudflare expects standard browser behavior: Port 80 for HTTP, and Port 443 for HTTPS. Flexible mode certainly gets tricky if you’re using non-standard ports, as Flexible opens a standard Port 80 connection to the host. I don’t see a straightforward way to have Flexible mode go to a non-standard port.

Right, but I mean it is completely straightforward if you are cloudflare, to just have a form where someone actually tells cloudflare what port to direct traffic to. For Flexible SSL this actually makes the most sense because clearly the site is not serving ssl on port 443, so why is it obvious that it is serving non ssl on port 80?

Anyway I guess my issue is solved because I can use port 80. But it seems odd that their documentation leaves this completely unaddressed, or did I miss it? What if I was not serving a website but an API (which would normally use a port like 8080 or something), or running 2 websites on different ports on the same box. It just seems so odd to me for them to just assume port 80 instead of asking.

As @sdayman wrote, 80 and 443 are standard ports, all others are alternatives.

Just one more thing about Flexible SSL (though I guess you noticed that during the activation):
It’s not a full encryption.
